Joined: 12 May 2004
|Posted: Mon Jun 12, 2006 8:26 pm Post subject: [ GLSA 200606-14 ] GDM: Privilege escalation
|Gentoo Linux Security Advisory
Title: GDM: Privilege escalation (GLSA 200606-14)
Date: June 12, 2006
Updated: June 19, 2006
An authentication error in GDM could allow users to gain elevated privileges.
GDM is the GNOME display manager.
Vulnerable: < 220.127.116.11
Unaffected: >= 18.104.22.168
Architectures: All supported architectures
GDM allows a normal user to access the configuration manager.
When the "face browser" in GDM is enabled, a normal user can use the "configure login manager" with his/her own password instead of the root password, and thus gain additional privileges.
There is no known workaround at this time.
All GDM users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-base/gdm-22.214.171.124"
Gnome Bugzilla entry
Last edited by GLSA on Tue Jun 20, 2006 4:19 am; edited 1 time in total